Home / mailings [USN-2143-1] cups-filters vulnerabilities
Posted on 12 March 2014
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-2143-1
March 12, 2014
cups-filters vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
cups-filters could be made to run programs as the lp user if it processed=
a
specially crafted file.
Software Description:
- cups-filters: OpenPrinting CUPS Filters
Details:
Florian Weimer discovered that cups-filters incorrectly handled memory
in the urftopdf filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user. This issue onl=
y
affected Ubuntu 13.10. (CVE-2013-6473)
Florian Weimer discovered that cups-filters incorrectly handled memory
in the pdftoopvp filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user. (CVE-2013-6474=
,
CVE-2013-6475)
Florian Weimer discovered that cups-filters did not restrict driver
directories in in the pdftoopvp filter. An attacker could possibly use th=
is
issue to execute arbitrary code with the privileges of the lp user.
(CVE-2013-6476)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
cups-filters 1.0.40-0ubuntu1.1
Ubuntu 12.10:
cups-filters 1.0.24-2ubuntu0.2
Ubuntu 12.04 LTS:
cups-filters 1.0.18-0ubuntu0.2
In general, a standard system update will make all the necessary changes.=
References:
http://www.ubuntu.com/usn/usn-2143-1
CVE-2013-6473, CVE-2013-6474, CVE-2013-6475, CVE-2013-6476
Package Information:
https://launchpad.net/ubuntu/+source/cups-filters/1.0.40-0ubuntu1.1
https://launchpad.net/ubuntu/+source/cups-filters/1.0.24-2ubuntu0.2
https://launchpad.net/ubuntu/+source/cups-filters/1.0.18-0ubuntu0.2
